5 FAM 840 
MANAGING SYSTEMS 

(CT:IM-144; 07-12-2013) 
(Office of Origin: IRM/BMP/GRP/GP) 

5 FAM 841 SYSTEMS AUTHORIZATION PROCESS 

(CT:IM-89; 05-30-2007) 

a. In accordance with OMB A-130, the Department is required to make a security 
determination, called authorization, to permit placing IT systems into operation. 
In order for officials to make fully advised risk-based decisions, they must 
conduct a security evaluation, known as certification, of the IT system. 

b. All IT systems must complete the systems authorization process before 
becoming operational. (See 5 FAM 1060 and 5 FAM 611.) 

5 FAM 842 INFORMATION TECHNOLOGY 
SECURITY PLANS 

(TL:IM-50 - 05-04-2004) 

a. The Federal Information Security Management Act (FISMA) 2002 and OMB 
Circular A-130 require all major applications and support systems to have a 
security plan. The system security plan provides all the information necessary 
to secure an IT system throughout the system's lifecycle. 

b. See Information Assurance for the available tool. 



5 FAM 843 INFORMATION QUALITY 

(CT:IM-144; 07-12-2013) 

OMB requires each agency to establish guidelines on ensuring the integrity of the 
information it maintains. Department guidelines state that each post and bureau 
is responsible and accountable for the integrity of information maintained on its IT 
systems. Information management officers (IMOs), information systems officers 
(ISOs), and system owners must carry out these responsibilities. 

5 FAM 844 STORING, HANDLING, AND 
DESTROYING MEDIA 
(TL:IM-50; 05-04-2004) 

To protect information from loss, damage, or compromise, the ISO/system 
administrators and information systems security officer (ISSO) must verify 
destruction of media. For further guidance, see 12 FAM 622.1-7 and 12 FAM 
622.1-11 for unclassified/SBU media and 12 FAM 632.1-6 and 12 FAM 632.1-9 for 
classified media. 



5 FAM 844.1 Enterprise Server Operations Center 
(ESOC)— IT Consolidation 

(CT:IM-144; 07-12-2013) 

a. This section addresses the handling, maintenance, storing, and viewing of 
information residing on the Enterprise IT Consolidated (ITC) Storage Area 
Network (SAN). This policy applies to all personnel requiring access to the 
information contained within the system. ESOC provides: 

(1) Access to the information on the ITC SAN is strictly controlled on a 
need-to-know basis via Active Directory (AD) security groups; 

(2) The AD security group controlling ESOC Administrator and Backup/Archive 
Service account access to the ITC SAN infrastructure and root shares is 
controlled by the ESOC in compliance with the Bureau of Diplomatic 
Security and IA security requirements in 5 FAM and 12 FAM; 

(3) The AD security group(s) controlling other IRM administrator (i.e., Desktop 
Support Division (DSD), Operational Support Division (OSD), or IT Service 
Center (ITSC)) or consolidated bureau user access to stored information are 
controlled by the domestic information security officer (DISSO) and/or the 
DSD based on the access request procedures (reference OSD for further 
guidance); and 

(4) Maintenance of the information stored on the ITC SAN is the responsibility 
of the consolidated bureau. 

b. The domestic information security officer (DISSO) responsibilities are briefly 
described below and also in 5 FAM 824.1 and 1 FAM 275.4-3: 

(1) All ISSO responsibilities and functions relating to the information stored on 
the ITC SAN are to be directed to the OSD domestic information security 
officer (DISSO) for guidance; and 

(2) The ESOC has supplied the OSD DISSOs with the necessary access to any 
logging information required and will assist upon request in supplying any 
supplementary information. 

c. The transfer of system-level Plan of Actions & Milestones (POA&M) 
responsibilities supporting the in-scope server ITC functions is described below: 

(1) The ESOC scope in ITC is limited to servers supporting in-scope ITC 
functions; 
(2) Consolidated bureaus retain responsibility for all physical asset 
management pertaining to in-scope servers and their associated lifecycle 
and hardware support; 

(3) Server operating system vulnerabilities and remediation of in-scope 
systems are now the responsibility of the ESOC; 

(4) Server vulnerabilities and remediation related to facility management 
continue to be the responsibility of the consolidated bureau; and 

(5) All in-scope systems supporting ITC functions will have their functions 
centralized onto IRM resources and will then be decommissioned. 

5 FAM 845 SECURITY AWARENESS, TRAINING, 
AND EDUCATION 

(CT:IM-144; 07-12-2013) 

a. The Department is required by the Federal Information Security Act (FISMA) 
2002 to conduct computer security training to ensure the confidentiality, 
integrity, and availability of its computer-based information. 

b. DS/T/TPS/SECD implements the Department's Information Assurance (IA) 
role-based training program. The Diplomatic Security Training Center (DSTC) suite 
of security role-based training courses is valid for 3 years. IRM/IA has 
responsibility for ensuring that the Department's IA training program complies with 
Federal guidelines. For courses offered, see DS Training and Information 
Assurance. 

c. DS/IS/CSD initiates, develops, and provides annual IT security awareness 
briefings for users. The CISO also may authorize others to conduct the 
briefing. 

d. 12 FAM 600 requires the ISSOs, IMOs, and system administrators to ensure 
that all users receive appropriate security training. COTRs/contracting officer 
representatives (CORs) are responsible for their contract employees, and must 
ensure that all contracted employees receive appropriate systems security 
training before accessing any bureau or post system. 

5 FAM 846 ANTI-VIRUS 

(TL:IM-50; 05-04-2004) 

All IMOs/ISOs/system administrators for classified and unclassified systems are 
required to implement virus protection and detection programs for all systems 
connected to the Department's network, per 12 FAM 643.2-9, Virus Prevention. 
5 FAM 847 FIREWALLS 

(CT:IM-144; 07-12-2013) 

a. The Department uses firewall technology to provide protection for network 
resources at all points where the internal networks connect with 
non-Department networks. 

b. The Department's Firewall Advisory Board, chaired by the Perimeter Security 
Division (IRM/OPS/ENM/PSD), ensures consistency of protection worldwide by 
establishing a baseline configuration for each of the Department firewalls. 

c. IMOs/ISOs/system administrators must comply with all guidance provided by 
the Firewall Advisory Board. 



5 FAM 848 REMOTE ACCESS 

(TL:IM-115; 04-25-2011) 

Domestically, the Department is able to provide employees with secure dial-up 
access to Department resources by using secure domestic dial-in (SDDI) to access 
their Sensitive but Unclassified (SBU) email accounts and the Department's 
Intranet from locations outside of their normal office. Information on SAFENET is 
found on the Encryptions Programs and Product List. 



5 FAM 849 AUDIT TRAILS 

(TL:IM-115; 04-25-2011) 

The ISSO is responsible for coordinating with IMOs/ISOs/system administrators to 
monitor, investigate, log, and report system events and activities resulting from 
unauthorized access to and modification of sensitive critical files. See 12 FAM 637 
for further guidance. 